
Archived

This topic has been archived and is closed to new replies.

Adriano Santos

[Archived] Analysis of the HijackThis logfile


If you could, please analyze the HijackThis logfile.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:18:40, on 19/01/2007

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCSETMGR.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE

C:\ARQUIVOS DE PROGRAMAS\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE

C:\WINDOWS\SYSTEM\MSDTCW.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\SYSTEM\SISSWLED.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARQUIVOS DE PROGRAMAS\BORLAND\INTERBASE\BIN\IBGUARD.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\PWSTRAY.EXE

C:\WINDOWS\SYSTEM\HPZTSB04.EXE

C:\ARQUIVOS DE PROGRAMAS\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\ARQUIVOS DE PROGRAMAS\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE

C:\ARQUIVOS DE PROGRAMAS\BORLAND\INTERBASE\BIN\IBSERVER.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\ARQUIVOS DE PROGRAMAS\MOZILLA FIREFOX\FIREFOX.EXE

C:\ARQUIVOS DE PROGRAMAS\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {010AB841-B804-11D9-93D8-000A1513006B} - C:\WINDOWS\SYSTEM\HPJB.DLL (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\ARQUIVOS DE PROGRAMAS\SEEKMO\SEEKMOHOOK.DLL (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\PROGRAM FILES\ZANGO PROGRAMS\ZANGO TOOLBAR\ZANGOTB.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMON.EXE /Consumer

O4 - HKLM\..\Run: [siSSWLED] C:\WINDOWS\SYSTEM\sisswled.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARQUIV~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\ARQUIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [interBaseGuardian] C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [seekmo] "c:\arquivos de programas\seekmo\seekmo.exe"

O4 - HKLM\..\Run: [PWSTray] PwsTray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [NPROTECT] C:\ARQUIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start

O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\ARQUIVOS DE PROGRAMAS\EMULE\EMULE.EXE -AutoStart

O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O8 - Extra context menu item: &Pesquisa do Google - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html

O8 - Extra context menu item: Instantâneo da página em cache - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Páginas semelhantes - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Links para esta página - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .pdf: C:\ARQUIV~1\INTERN~1\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/HiEcCuGSD3Rlhbj3vIL_.chm::/on-line.exe

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = root

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.225.197.34,200.225.197.37

O18 - Filter: text/plain - {010AB840-B804-11D9-93D8-000A7A5FA5F0} - C:\WINDOWS\SYSTEM\HPJB.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL


Hi Adriano Santos,

Let's get started.

Enable Windows to show all files (including hidden ones).

Uninstall:

-> SEEKMO

-> RXTOOLBAR

-> ZANGO TOOLBAR

Use Add/Remove Programs.

Uninstall them one at a time, and restart after doing so.

Note: If you cannot find one of the programs mentioned above in the list, just move on to the next step.

Step 1

Download Killbox from:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select everything with the mouse --> go to the Edit menu in the browser's menu bar --> click Copy.

 

C:\WINDOWS\SYSTEM\HPJB.DLL

C:\WINDOWS\TEMP\se.dll

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 2

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears, then choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {010AB841-B804-11D9-93D8-000A1513006B} - C:\WINDOWS\SYSTEM\HPJB.DLL (file missing)

O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\ARQUIVOS DE PROGRAMAS\SEEKMO\SEEKMOHOOK.DLL (file missing)

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL (file missing)

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\PROGRAM FILES\ZANGO PROGRAMS\ZANGO TOOLBAR\ZANGOTB.DLL (file missing)

O4 - HKLM\..\Run: [seekmo] "c:\arquivos de programas\seekmo\seekmo.exe"

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/HiEcCuGSD3Rlhbj3vIL_.chm::/on-line.exe

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7

O18 - Filter: text/plain - {010AB840-B804-11D9-93D8-000A7A5FA5F0} - C:\WINDOWS\SYSTEM\HPJB.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL

Click Fix Checked.

Step 3

Still in Safe Mode, locate and delete:

C:\ARQUIVOS DE PROGRAMAS\SEEKMO <- the folder

C:\PROGRAM FILES\RXTOOLBAR <- the folder

C:\PROGRAM FILES\ZANGO PROGRAMS <- the folder

Step 4

Restart in Normal Mode.

Post the new HijackThis log.

Best regards.


Logfile of HijackThis v1.99.1

Scan saved at 12:00:25, on 23/01/2007

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCSETMGR.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCEVTMGR.EXE

C:\ARQUIVOS DE PROGRAMAS\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\MSDTCW.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\SYSTEM\SISSWLED.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYMANTEC SHARED\CCAPP.EXE

C:\WINDOWS\LOADQM.EXE

C:\ARQUIVOS DE PROGRAMAS\BORLAND\INTERBASE\BIN\IBGUARD.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\PWSTRAY.EXE

C:\WINDOWS\SYSTEM\HPZTSB04.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGCC.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGEMC.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\ARQUIVOS DE PROGRAMAS\BORLAND\INTERBASE\BIN\IBSERVER.EXE

C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\ARQUIVOS DE PROGRAMAS\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\ARQUIVOS DE PROGRAMAS\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\ARQUIVOS DE PROGRAMAS\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superesportes.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMON.EXE /Consumer

O4 - HKLM\..\Run: [siSSWLED] C:\WINDOWS\SYSTEM\sisswled.exe

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\ARQUIV~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\ARQUIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [interBaseGuardian] C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [PWSTray] PwsTray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [NPROTECT] C:\ARQUIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start

O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\ARQUIVOS DE PROGRAMAS\EMULE\EMULE.EXE -AutoStart

O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O8 - Extra context menu item: &Pesquisa do Google - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: &Traduzir palavra em inglês - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html

O8 - Extra context menu item: Instantâneo da página em cache - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Páginas semelhantes - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Links para esta página - res://C:\ARQUIVOS DE PROGRAMAS\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .pdf: C:\ARQUIV~1\INTERN~1\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = root

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.225.197.34,200.225.197.37

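As an added example (not part of the original thread and not HijackThis's own code): a small Python check that compares the log posted before the fix with the one posted afterwards and confirms that each entry marked for Fix Checked is gone. The function names are hypothetical, and the three inputs are short excerpts of the two logs and the fix list above.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a case-folded key to the original line for every entry in a log.

    Header lines and the "Running processes" list do not match ENTRY_RE and
    are skipped. Keys are case-folded because the same path appears in
    different case in different places (e.g. HPJB.DLL, seekmo.exe).
    """
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse stray whitespace, incl. NBSP
        if ENTRY_RE.match(line):
            entries[line.casefold()] = line
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Classify the entries the helper asked to fix, plus anything new."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        # asked to fix, was present, and is gone in the new scan
        "fixed": sorted(v for k, v in wanted.items()
                        if k in before and k not in after),
        # asked to fix but the new scan still shows it
        "still_present": sorted(v for k, v in wanted.items() if k in after),
        # in the fix list but never in the first log (copy/paste error?)
        "not_in_before": sorted(v for k, v in wanted.items()
                                if k not in before),
        # entries that appeared between scans and deserve a look
        "new_since_before": sorted(v for k, v in after.items()
                                   if k not in before),
    }


# Excerpt of the first log in this thread (19/01/2007).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
O2 - BHO: (no name) - {010AB841-B804-11D9-93D8-000A1513006B} - C:\WINDOWS\SYSTEM\HPJB.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [seekmo] "c:\arquivos de programas\seekmo\seekmo.exe"
O18 - Filter: text/plain - {010AB840-B804-11D9-93D8-000A7A5FA5F0} - C:\WINDOWS\SYSTEM\HPJB.DLL
"""

# Excerpt of the second log in this thread (23/01/2007).
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
"""

# Excerpt of the entries the helper asked to tick before Fix Checked.
FIX = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
O2 - BHO: (no name) - {010AB841-B804-11D9-93D8-000A1513006B} - C:\WINDOWS\SYSTEM\HPJB.DLL (file missing)
O4 - HKLM\..\Run: [seekmo] "c:\arquivos de programas\seekmo\seekmo.exe"
O18 - Filter: text/plain - {010AB840-B804-11D9-93D8-000A7A5FA5F0} - C:\WINDOWS\SYSTEM\HPJB.DLL
"""

if __name__ == "__main__":
    for label, lines in verify_fix(BEFORE, AFTER, FIX).items():
        print(f"{label}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

Anything listed under `still_present` means the fix did not take and that step should be repeated; `new_since_before` lists what changed between scans, such as a newly installed antivirus.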

Here is the result of Panda's ActiveScan.

Incident | Location
Adware:adware/gator | C:\WINDOWS\TEMP\Installgffsg.exe
Adware:adware/wupd | c:\windows\system\ide21201.vxd
Potentially unwanted tool:application/altnet | c:\programfiles\Altnet
Potentially unwanted tool:application/myglobalsearch | c:\arquivosdeprogramas\MyGlobalSearch
Adware:adware/instafinder | c:\arquivosdeprogramas\INSTAFINK
Adware:adware/seekmo | WindowsRegistry
Adware:adware/zango | WindowsRegistry
Potentially unwanted tool:application/need2find | hkey_local_machine\software\Need2Find
Adware:adware/rxtoolbar | WindowsRegistry
Adware:adware/powerstrip | WindowsRegistry
Adware:Adware/Zango | C:\WINDOWS\TEMP\DelA2B0.TMP
Potentially unwanted tool:Application/Altnet | C:\WINDOWS\TEMP\__unin__.exe
Potentially unwanted tool:Application/P2PNetworking | C:\WINDOWS\TEMP\P2PNetworkingp2pD112.EXE
Spyware:Cookie/Com.com | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Server.iad.Liveperson | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[server.iad.liveperson.net/hc/3539701]
Spyware:Cookie/Server.iad.Liveperson | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Doubleclick | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Com.com | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/YieldManager | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Com.com | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[de.uol.com.br/]
Spyware:Cookie/Com.com | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Tribalfusion | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/QuestionMarket | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/WebtrendsLive | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[statse.webtrendslive.com/S115907]
Spyware:Cookie/WebtrendsLive | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[statse.webtrendslive.com/S115907]
Spyware:Cookie/Statcounter | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/RealMedia | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Hitbox | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.hg1.hitbox.com/]
Spyware:Cookie/Overture | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.overture.com/]
Spyware:Cookie/Comclick | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Zedo | C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\kqy605j1.default\cookies.txt[.zedo.com/]
Adware:Adware/Gator | C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll
Spyware:Cookie/Zedo | C:\WINDOWS\Cookies\secretaria de saúde@zedo[1].txt
Spyware:Cookie/Yadro | C:\WINDOWS\Cookies\secretaria de saúde@yadro[2].txt
Spyware:Cookie/Xiti | C:\WINDOWS\Cookies\secretaria de saúde@xiti[1].txt
Spyware:Cookie/Gator | C:\WINDOWS\Cookies\secretaria de saúde@webpdp.gator[1].txt
Spyware:Cookie/Weborama | C:\WINDOWS\Cookies\secretaria de saúde@weborama[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@uol.com[2].txt
Spyware:Cookie/Tradedoubler | C:\WINDOWS\Cookies\secretaria de saúde@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace | C:\WINDOWS\Cookies\secretaria de saúde@trafficmp[2].txt
Spyware:Cookie/WinFixer | C:\WINDOWS\Cookies\secretaria de saúde@winfixer[2].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@terra.com[2].txt
Spyware:Cookie/WUpd | C:\WINDOWS\Cookies\secretaria de saúde@revenue[1].txt
Spyware:Cookie/Rightmedia | C:\WINDOWS\Cookies\secretaria de saúde@rightmedia[1].txt
Spyware:Cookie/SpyLog | C:\WINDOWS\Cookies\secretaria de saúde@spylog[2].txt
Spyware:Cookie/Mircx | C:\WINDOWS\Cookies\secretaria de saúde@pop.mircx[2].txt
Spyware:Cookie/Serving-sys | C:\WINDOWS\Cookies\secretaria de saúde@serving-sys[3].txt
Spyware:Cookie/Advertising | C:\WINDOWS\Cookies\secretaria de saúde@servedby.advertising[1].txt
Spyware:Cookie/Rn11 | C:\WINDOWS\Cookies\secretaria de saúde@rn11[3].txt
Spyware:Cookie/onestat.com | C:\WINDOWS\Cookies\secretaria de saúde@stat.onestat[2].txt
Spyware:Cookie/WUpd | C:\WINDOWS\Cookies\secretaria de saúde@revenue[3].txt
Spyware:Cookie/Server.iad.Liveperson | C:\WINDOWS\Cookies\secretaria de saúde@server.iad.liveperson[1].txt
Spyware:Cookie/Searchportal | C:\WINDOWS\Cookies\secretaria de saúde@searchportal.information[3].txt
Spyware:Cookie/Qsrch | C:\WINDOWS\Cookies\secretaria de saúde@qsrch[1].txt
Spyware:Cookie/WebtrendsLive | C:\WINDOWS\Cookies\secretaria de saúde@statse.webtrendslive[1].txt
Spyware:Cookie/Statcounter | C:\WINDOWS\Cookies\secretaria de saúde@statcounter[2].txt
Spyware:Cookie/WebtrendsLive | C:\WINDOWS\Cookies\secretaria de saúde@statse.webtrendslive[3].txt
Spyware:Cookie/Serving-sys | C:\WINDOWS\Cookies\secretaria de saúde@serving-sys[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@uol.com[1].txt
Spyware:Cookie/Tribalfusion | C:\WINDOWS\Cookies\secretaria de saúde@tribalfusion[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@terra.com[1].txt
Spyware:Cookie/Tribalfusion | C:\WINDOWS\Cookies\secretaria de saúde@tribalfusion[2].txt
Spyware:Cookie/Reliablestats | C:\WINDOWS\Cookies\secretaria de saúde@stats1.reliablestats[1].txt
Spyware:Cookie/Rn11 | C:\WINDOWS\Cookies\secretaria de saúde@rn11[2].txt
Spyware:Cookie/RealMedia | C:\WINDOWS\Cookies\secretaria de saúde@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace | C:\WINDOWS\Cookies\secretaria de saúde@trafficmp[1].txt
Spyware:Cookie/QkSrv | C:\WINDOWS\Cookies\secretaria de saúde@qksrv[2].txt
Spyware:Cookie/Mammamediasolutions | C:\WINDOWS\Cookies\secretaria de saúde@targetnet[2].txt
Spyware:Cookie/Sextracker | C:\WINDOWS\Cookies\secretaria de saúde@sextracker[1].txt
Spyware:Cookie/Searchportal | C:\WINDOWS\Cookies\secretaria de saúde@searchportal.information[1].txt
Spyware:Cookie/WebPower | C:\WINDOWS\Cookies\secretaria de saúde@webpower[1].txt
Spyware:Cookie/Overture | C:\WINDOWS\Cookies\secretaria de saúde@perf.overture[1].txt
Spyware:Cookie/Paypopup | C:\WINDOWS\Cookies\secretaria de saúde@paypopup[2].txt
Spyware:Cookie/PayCounter | C:\WINDOWS\Cookies\secretaria de saúde@paycounter[2].txt
Spyware:Cookie/Overture | C:\WINDOWS\Cookies\secretaria de saúde@overture[2].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@ig.com[3].txt
Spyware:Cookie/Maxserving | C:\WINDOWS\Cookies\secretaria de saúde@maxserving[1].txt
Spyware:Cookie/Linksynergy | C:\WINDOWS\Cookies\secretaria de saúde@linksynergy[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@ig.com[2].txt
Spyware:Cookie/Hitbox | C:\WINDOWS\Cookies\secretaria de saúde@hitbox[3].txt
Spyware:Cookie/Hitbox | C:\WINDOWS\Cookies\secretaria de saúde@hitbox[1].txt
Spyware:Cookie/Humanclick | C:\WINDOWS\Cookies\secretaria de saúde@hc2.humanclick[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@google.com[2].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@google.com[4].txt
Spyware:Cookie/Errorguard | C:\WINDOWS\Cookies\secretaria de saúde@errorguard[1].txt
Spyware:Cookie/FastClick | C:\WINDOWS\Cookies\secretaria de saúde@fastclick[2].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@google.com[1].txt
Spyware:Cookie/ErrorSafe | C:\WINDOWS\Cookies\secretaria de saúde@errorsafe[2].txt
Spyware:Cookie/FastClick | C:\WINDOWS\Cookies\secretaria de saúde@fastclick[1].txt
Spyware:Cookie/GoStats | C:\WINDOWS\Cookies\secretaria de saúde@gostats[2].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@google.com[3].txt
Spyware:Cookie/Doubleclick | C:\WINDOWS\Cookies\secretaria de saúde@doubleclick[2].txt
Spyware:Cookie/Doubleclick | C:\WINDOWS\Cookies\secretaria de saúde@doubleclick[1].txt
Spyware:Cookie/Belnk | C:\WINDOWS\Cookies\secretaria de saúde@dist.belnk[2].txt
Spyware:Cookie/Belnk | C:\WINDOWS\Cookies\secretaria de saúde@dist.belnk[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@de.uol.com[4].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@de.uol.com[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@com[3].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@de.uol.com[3].txt
Spyware:Cookie/Casalemedia | C:\WINDOWS\Cookies\secretaria de saúde@casalemedia[2].txt
Spyware:Cookie/GoClick | C:\WINDOWS\Cookies\secretaria de saúde@c.goclick[2].txt
Spyware:Cookie/cs.sexcounter | C:\WINDOWS\Cookies\secretaria de saúde@cs.sexcounter[2].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@bannerlandia.com[1].txt
Spyware:Cookie/Atwola | C:\WINDOWS\Cookies\secretaria de saúde@atwola[2].txt
Spyware:Cookie/BurstNet | C:\WINDOWS\Cookies\secretaria de saúde@burstnet[2].txt
Spyware:Cookie/Apmebf | C:\WINDOWS\Cookies\secretaria de saúde@apmebf[2].txt
Spyware:Cookie/Enhance | C:\WINDOWS\Cookies\secretaria de saúde@c.enhance[1].txt
Spyware:Cookie/bravenetA | C:\WINDOWS\Cookies\secretaria de saúde@bravenet[1].txt
Spyware:Cookie/Bluestreak | C:\WINDOWS\Cookies\secretaria de saúde@bluestreak[2].txt
Spyware:Cookie/Belnk | C:\WINDOWS\Cookies\secretaria de saúde@belnk[1].txt
Spyware:Cookie/Atlas DMT | C:\WINDOWS\Cookies\secretaria de saúde@atdmt[2].txt
Spyware:Cookie/Falkag | C:\WINDOWS\Cookies\secretaria de saúde@as-eu.falkag[2].txt
Spyware:Cookie/Belnk | C:\WINDOWS\Cookies\secretaria de saúde@belnk[2].txt
Spyware:Cookie/Belnk | C:\WINDOWS\Cookies\secretaria de saúde@ath.belnk[2].txt
Spyware:Cookie/Atlas DMT | C:\WINDOWS\Cookies\secretaria de saúde@atdmt[1].txt
Spyware:Cookie/Apmebf | C:\WINDOWS\Cookies\secretaria de saúde@apmebf[3].txt
Spyware:Cookie/Advertising | C:\WINDOWS\Cookies\secretaria de saúde@advertising[1].txt
Spyware:Cookie/Advertising | C:\WINDOWS\Cookies\secretaria de saúde@advertising[3].txt
Spyware:Cookie/adultfriendfinder | C:\WINDOWS\Cookies\secretaria de saúde@adultfriendfinder[1].txt
Spyware:Cookie/Adtech | C:\WINDOWS\Cookies\secretaria de saúde@adtech[2].txt
Spyware:Cookie/PointRoll | C:\WINDOWS\Cookies\secretaria de saúde@ads.pointroll[2].txt
Spyware:Cookie/PointRoll | C:\WINDOWS\Cookies\secretaria de saúde@ads.pointroll[1].txt
Spyware:Cookie/ads.tripod.lycos.com | C:\WINDOWS\Cookies\secretaria de saúde@ads.tripod.lycos[2].txt
Spyware:Cookie/Admotion | C:\WINDOWS\Cookies\secretaria de saúde@admotion.com[3].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@com[2].txt
Spyware:Cookie/AdDynamix | C:\WINDOWS\Cookies\secretaria de saúde@ads.addynamix[1].txt
Spyware:Cookie/Admotion | C:\WINDOWS\Cookies\secretaria de saúde@admotion.com[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@com[4].txt
Spyware:Cookie/AdDynamix | C:\WINDOWS\Cookies\secretaria de saúde@ads.addynamix[3].txt
Spyware:Cookie/YieldManager | C:\WINDOWS\Cookies\secretaria de saúde@ad.yieldmanager[1].txt
Spyware:Cookie/Cgi-bin | C:\WINDOWS\Cookies\secretaria de saúde@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin | C:\WINDOWS\Cookies\secretaria de saúde@cgi-bin[5].txt
Spyware:Cookie/CentrPort | C:\WINDOWS\Cookies\secretaria de saúde@centrport[2].txt
Spyware:Cookie/Casalemedia | C:\WINDOWS\Cookies\secretaria de saúde@casalemedia[1].txt
Spyware:Cookie/2o7 | C:\WINDOWS\Cookies\secretaria de saúde@2o7[4].txt
Spyware:Cookie/2o7 | C:\WINDOWS\Cookies\secretaria de saúde@2o7[3].txt
Spyware:Cookie/2o7 | C:\WINDOWS\Cookies\secretaria de saúde@2o7[1].txt
Spyware:Cookie/YieldManager | C:\WINDOWS\Cookies\secretaria de saúde@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro | C:\WINDOWS\Cookies\secretaria de saúde@adopt.hbmediapro[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@ig.com[1].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@google.com[5].txt
Spyware:Cookie/Doubleclick | C:\WINDOWS\Cookies\secretaria de saúde@doubleclick[3].txt
Spyware:Cookie/Atlas DMT | C:\WINDOWS\Cookies\secretaria de saúde@atdmt[4].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@terra.com[4].txt
Spyware:Cookie/QuestionMarket | C:\WINDOWS\Cookies\secretaria de saúde@questionmarket[1].txt
Spyware:Cookie/2o7 | C:\WINDOWS\Cookies\secretaria de saúde@microsofteup.112.2o7[1].txt
Spyware:Cookie/Kazaa Networks | C:\WINDOWS\Cookies\secretaria de saúde@desktop.kazaa[1].txt
Spyware:Cookie/Twain-Tech | C:\WINDOWS\Cookies\secretaria de saúde@cliks[2].txt
Spyware:Cookie/Btgrab | C:\WINDOWS\Cookies\secretaria de saúde@btg.btgrab[2].txt
Spyware:Cookie/OfferOptimizer | C:\WINDOWS\Cookies\secretaria de saúde@offeroptimizer[2].txt
Spyware:Cookie/YieldManager | C:\WINDOWS\Cookies\secretaria de saúde@ad.yieldmanager[4].txt
Spyware:Cookie/BestOffersNetworks | C:\WINDOWS\Cookies\secretaria de saúde@bestoffersnetworks[2].txt
Spyware:Cookie/Zedo | C:\WINDOWS\Cookies\secretaria de saúde@zedo[2].txt
Spyware:Cookie/Statcounter | C:\WINDOWS\Cookies\secretaria de saúde@statcounter[1].txt
Spyware:Cookie/Hitbox | C:\WINDOWS\Cookies\secretaria de saúde@hitbox[4].txt
Spyware:Cookie/RealMedia | C:\WINDOWS\Cookies\secretaria de saúde@realmedia[3].txt
Spyware:Cookie/Hitbox | C:\WINDOWS\Cookies\secretaria de saúde@hitbox[5].txt
Spyware:Cookie/Statcounter | C:\WINDOWS\Cookies\secretaria de saúde@statcounter[3].txt
Spyware:Cookie/Tribalfusion | C:\WINDOWS\Cookies\secretaria de saúde@tribalfusion[3].txt
Spyware:Cookie/FastClick | C:\WINDOWS\Cookies\secretaria de saúde@fastclick[4].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@de.uol.com[2].txt
Spyware:Cookie/Server.iad.Liveperson | C:\WINDOWS\Cookies\secretaria de saúde@server.iad.liveperson[2].txt
Spyware:Cookie/Com.com | C:\WINDOWS\Cookies\secretaria de saúde@uol.com[3].txt
Spyware:Cookie/Casalemedia | C:\WINDOWS\Cookies\secretaria de saúde@casalemedia[4].txt
Spyware:Cookie/FastClick | C:\WINDOWS\Cookies\secretaria de saúde@media.fastclick[2].txt
Adware:Adware/InstaFinder | C:\Arquivos de programas\INSTAFINK\instafink.dll
Adware:Adware/RXToolbar | C:\NULL


Hi Adriano Santos,

Let's get started.

Uninstall:

-> Altnet

-> MyGlobalSearch

-> INSTAFINK

Use Add/Remove Programs.

Uninstall them one at a time, and restart after doing so.

Note: If you cannot find one of the programs mentioned above in the list, just move on to the next step.

Step 1

Download CCleaner from

CCleaner

Download it, but do not run it yet.

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select everything with the mouse --> go to the Edit menu in the browser's menu bar --> click Copy.

 

c:\windows\system\ide21201.vxd

C:\WINDOWS\TEMP\Installgffsg.exe

C:\WINDOWS\TEMP\DelA2B0.TMP

C:\WINDOWS\TEMP\__unin__.exe

C:\WINDOWS\TEMP\P2PNetworkingp2pD112.EXE

C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 2

Restart the computer in Safe Mode (after restarting, press the F8 key repeatedly until a black DOS screen appears, then choose Safe Mode).

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

hkey_local_machine\software

Locate and delete the following folder:

Need2Find

Delete the contents of the following folder: c:\!Killbox.

Step 3

Still in Safe Mode, locate and delete:

c:\programfiles\Altnet <- the folder

c:\arquivosdeprogramas\MyGlobalSearch <- the folder

c:\arquivosdeprogramas\INSTAFINK <- the folder

Step 4

Restart in Normal Mode.

Run CCleaner and click Run Cleaner.

Check whether ActiveScan still detects anything.

Best regards.


Topic Archived

As the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
